I've been in the IT industry since the time of the dinosaurs (ICL anyone?). I've written books about the Internet and networking, consulted for all sorts of companies, and been a contributor and columnist for Network World for 18 years (check out my Backspin and Gearhead columns). I created and co-founded Netratings (now wholly owned by Nielsen) and have CTO'ed for a couple of startups. I live in Ventura, CA. I do not surf.

Canadian Industry Groups Want to Legalize Spyware

Remember the Sony rootkit fiasco from 2005? If you don’t, allow me to explain …

In 2005 it was discovered that global recorded music company Sony BMG, now renamed Sony Music Entertainment, had included what amounted to spyware on some of the CDs they marketed.

This spyware, technically called a “rootkit“, was ostensibly an attempt to enforce digital rights management (DRM) but naively exposed users’ computers to a whole range of security risks.

Myself and many other commentators took Sony to task for this and were outraged when Thomas Hesse, Sony’s then president of the company’s global digital business division, commented in a radio interview:

Most people, I think, don’t even know what a rootkit is, so why should they care about it?

As I noted at the time:

… most troubling is that he presumes that the ignorance of others is a reasonable basis for doing something to their property. Even worse is the fact that something could have unknown side effects and consequences.

(It’s worth noting that Hesse was promoted to the Supervisory Board of Sony’s parent company, Bertelsmann AG, last year which says how little impact the rootkit fracas had on his career despite him being responsible for what was monumentally bad judgment by his division.)

Since this watershed in the history of Big Media’s obsessive quest to treat everyone who gets anywhere near their products like a criminal, the war against pirates continued unabated with the likes of the Recording Industry Association of America being discovered, also in 2005, to have hacked into the home computer of one Tanya Anderson, a 42-year-old disabled single mother from Oregon on the suspicion that she had illegally downloaded music.

In response, Ms. Andersen took the RIAA to court for RICO violations, fraud, invasion of privacy, abuse of process, electronic trespass, violation of the Computer Fraud and Abuse Act, negligent misrepresentation, the tort of “outrage”, and deceptive business practices and, three years later, won a judgement against the RIAA with costs being awarded to her to the tune (pun intended) of almost $108,000.

The latest and one of the most shameless forays into corporations trying to control and spy on consumers has just surfaced in Canada.

A collection of industry association including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association, and the Entertainment Software Association of Canada filed a comment on Canada’s draft anti-spam legislation that contains a provision that would, and I quote from a disturbing blog post written by Michael Geist, a law professor at the University of Ottawa:

… effectively legalize spyware in Canada on behalf of these industry groups

Currently under Canadian law, you, as a third party, can’t mess with a user’s computer:

8. (1) A person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless

(a) the person has obtained the express consent of the owner or an authorized user of the computer system and complies with subsection 11(5); or

(b) the person is acting in accordance with a court order.

What the industry groups want is to either throw out that wording entirely and have a “Review Body” look at the issues (which punts the whole mess into limbo) or include the following wording (it’s on page 11):

… the following computer programs be exempt from section 8 of the Act:

(a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, or (ii) involves the contravention of any law of Canada, of a province or municipality of Canada or of a foreign state;

Allow me to translate that for you: We get to place surveillance software on consumer’s computers on the thinest of pretexts.

We can be pretty certain that the industry associations would have much preferred not have so much attention focussed on their nefarious plans and it will be interesting to see how they go about “damage control.”

What is certain is that these attempts at legalizing spying and controlling consumers aren’t going to stop and it’s all going to get a lot more complicated, messy, and tortuously legal.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

What a repulsive and ultimately pointless endeavor. The only people that this DRM affects are the legitimate customers. The whole reason they add this intrusive, and at time damaging, DRM is to keep pirates from pirating their material; however pirates will immediately remove the DRM and then upload and download the now DRM-less illegitimate copy, and the only people who have to actually deal with the awful DRM are the actual paying customers. It is a completely broken system, and instead of the media industry trying solve the problem they just add more and more obnoxious DRM.